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Abstract 

Exactly solving first-order constraints (i.e., first-order formulas over 
a certain predefined structure) can be a very hard, or even undecidable 
problem. In continuous structures like the real numbers it is promising 
to compute approximate solutions instead of exact ones. However, 
the quantifiers of the first-order predicate language are an obstacle 
to allowing approximations to arbitrary small error bounds. In this 
paper we remove this obstacle by modifying the first-order language 
and replacing the classical quantifiers with approximate quantifiers. 
These also have two additional advantages: First, they are tunable, in 
the sense that they allow the user to decide on the trade-off between 
precision and efficiency. Second, they introduce additional expressivity 
into the first-order language by allowing reasoning over the size of 
solution sets. 

1 Introduction 

Solving first-order constraints, (i.e., first-order formulas over a certain prede- 
fined structure), and especially first-order constraints over the reals, has nu- 
merous applications |^, ||, 12, ^ However, solving such constraints 



over the reals is either highly complex (e.g., when considering the predicate 



symbols = and <, and the function symbols -|- and x [39, 14, 11, HSl), or im- 



possible [39, 37]. To deal with this problem, one can either restrict one-selves 



to more special problem classes (see e.g. [^, 23, 18[), or relax the problem 
by allowing approximation up to a user-specified error bound (as proposed 
by H. Hong [^4|). This paper studies the general feasibility of the second 
approach. Its main contributions are: To show that even for this relaxed 
specification we might have to do exact intermediate computation; and to 
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introduce a modification of the first-order predicate language — approximate 
quantifiers — for whicli this problem does not occur. 

These quantifiers have two additional advantages: First, they are tun- 
able, in the sense that they allow the user to decide on the trade-off between 
precision and efficiency. Second, they introduce additional expressivity into 
the first-order predicate language, by allowing reasoning over the size of 
solution sets. 

The first step to introduce approximate quantifiers is to allow quantifiers 
with a positive real annotation q, with the intuitive meaning that a formula 
3qX (f) is true iff the volume of the solution set of (f) is greater than q. We will 
see that this does not yet allow the computation of approximate solution 
sets up to arbitrarily small, user-specified, error bounds. 

So we allow quantifiers to be annotated with a real interval [q^q], with 
the intuitive meaning that the exact annotation can be any element of [q', g]. 
This allows an algorithm to choose the most suitable value in and we 
do not care which one. This means that a sentence in the language does not 
have one distinct truth- value but has a set of possible truth- values (cmp. 



with |2C] or |2^). We will prove that, from a good enough approximation of 
the solution sets of the atomic sub-constraints, we can always compute at 
least one of these truth- values, and thus one can always attain an arbitrarily 
small error bound when computing approximate solution sets. 

Following the usual approach (see e.g. [Q), one would implement such a 
logic using sets of truth- values (representing a many- valued logic |^, ^ ) in- 
stead of single truth- values. We show that this approach is not suitable here 
and present a new method that is completely orthogonal to the semantics 
usually given to formulas when we do not know the value of certain predi- 
cate and function symbols and thus assign validity to the formula using all 
possible predicate and function symbol assignments (i.e., interpretations). 
Although arising from problems over real numbers, the resulting first-order 
language is completely domain-independent. 

The above situation that there are several possible values for an object, 
and we either do not know or do not care which one should be taken, is 
commonly called don't know and don't care nondeterminism, respectively. 
Here both forms occur at the same time, which creates various difficulties 
through their interaction. Our approach gives general insight into such 
a situation by showing how one can compute with such nondeterministic 
objects, nevertheless. So our language can be easily extended to take into 
account nondeterminism coming from other sources. For example uncertain 
coefficients of occurring polynomials can be either modeled as don't care 
nondeterminism (the united approach) or as don't know nondeterminism 
(the robust approach) ||8|, [l^, ^ . 

The structure of the paper is as follows: In Section ^, we give the spec- 
ification of solving first-order constraints approximately up to some user- 
specified error bound, and informally show that this is impossible for con- 
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straints containing classical quantifiers. In Section we develop a suitable 
formal model for approximate computation. In Section ^ use this model to 
formalize the approximate solving of first-order constraints and its problems 
discussed in Section ^. In Section ||, we give a first-order language where 
the classical quantifiers are replaced by approximate ones. In Section ^, we 
apply the formal model for approximately solving first-order constraints to 
approximate quantifiers. In Section ^, we show how to deal with the result- 
ing two forms of nondeterminism. In Section ^, we prove that one can solve 
constraints that contain approximate instead of classical quantifiers up to 
an arbitrary small error bound. In Section ^, we discuss related work, and 
in Section 10, we give a final conclusion. 



2 Approximate Solving of First-Order Constraints 

Throughout the paper we use the term "constraint" as a shortcut for "first- 
order constraint", that is, a first-order formula over a certain, predefined 
structure S. We fix a set V of variables and define a variable assignment as 
a function from V to S. For a variable assignment 9, an element a € 5, and 
variable v V, 9^ is the variable assignment that is the same as 9 except 
that it assigns a to v. 

We define the property that a constraint is true for a certain variable 
assignment (or is satisfied by it) as usual. A potential solution set is a set 
of variable assignments (we use the adjective "potential" for signifying the 
independence from a specific constraint), and the solution set of a first-order 
constraint (j) is the set of variable assignments for which (f> is true 

Sometimes we denote the solution set of a closed first-order constraint 
(i.e., sentence) by the Boolean constant T (which represents the set of all 
variable assignments), or F (which represents the empty set). In this case 
we also speak of the truth-value (instead of solution set) of a first-order 
constraint. 

Recall that the notion of volume is modeled in mathematics by measure 
spaces (see any textbook on measure theory, for example [ll9| , for details). 
For any measure /i and set A, the inner measure fJ.{A) is the supremum of 
the measures of all measurable subsets of A (or — oo, if this supremum does 
not exist) , and the outer measure JliA) is the infimum of the measures of all 
measurable supersets of A (or oo, if this infimum does not exist). For any set 
A, fi{A) < Ji-iA). If A is measurable, then n{A) = fi{A) = Ji-iA) — in this case 
we often use the term volume for measure. Furthermore, we call a function 
H possible measure iff for any set A, fJ,{A) G [iJ,{A),]l{A)]. We straightfor- 
wardly extend any measure on cS'^' to a measure on (potential) solution sets 
by measuring the tuples corresponding to the variable assignments in the 
(potential) solution set. 

We want to solve constraints: Given some constraint, we want to get a 
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simple (e.g., quantifier-free) representation of its solution set. However, over 
the real numbers, this problem is either highly complex ||39| , [l^ , ^] or 
undecidable |^9|, ^ . So we can only hope to tackle the general problem, if we 
relax it. As proposed by H. Hong |^], we do this by allowing approximation. 
This results in the problem specification of Figure [l|. 



Given: A constraint <j), and 

a positive real error bound e 

Find: Sets Y and N of variable assignments, such that 
(j) is true for all elements of Y, 
(j) is false for all elements of N , 

the volume of the variable assignments not in y or is smaller 
than e 



Figure 1: Problem Specification 

In this paper we assume that we already have an algorithm that imple- 
ments this specification for atomic input constraints. For example, one can 
use for this a branch-and-bound approach based on interval arithmetic |27]. 



In theory, one would need arbitrary precision here. In practice, however, 
fast machine-precision floating-point arithmetic usually suffices. 

We would like to find an algorithm that fulfills the given specification 
based on such a solver for atomic constraints. However, this is impossible 
in general, because sometimes exact solution sets of atomic sub-constraints 
are needed to compute such approximate solutions. We show this here in- 
formally and formalize the arguments in the two following sections. Take 
an input constraint of the form 3x (p without free variables, where cj) is an 
atomic constraint with an empty solution set. Determine for all x, except 
for a set of arbitrarily small but positive volume, whether x is in the solution 
set of (j). From this information we cannot deduce that 3a; (j) is false, because 
some of the remaining x might be in the solution set of (j), in which case 
3a; would be true. 

One could suspect that the reason for this problem is, that a classical 
quantifier has to take into account arbitrarily small solution sets of the 
quantified sub-constraint. So let us introduce an additional quantifier 3^ 
(the existential volume quantifier) into the first-order predicate language, 
where g is a non- negative real number. A closed constraint of the form 
3qX (j) is true iff the volume of the x, for which (j) is true, is greater than 
q. But even for this quantifier, we have the same problem: Take an input 
constraint of the form 3qX cj). Assume that the solution set of cj) has exactly 
the volume q. Determine for all x, except for a set of arbitrarily small but 
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positive volume, whether x is in the solution set of (j). Again, from this 
information we cannot deduce whether 3gX (j) is true. Note that one can 
easily find examples of constraints with free variables, that show the same 
behavior; in this case we can deduce for no element of the free- variable space 
whether it is an element of the solution set of such a constraint. 

Speaking in the language of numerical analysis, the problem of find- 
ing approximations of solution sets of quantified constraints is ill-posed for 
certain inputs. This means that one can only solve it by approximation 
methods either after using more information, or after relaxing the problem. 
Following the latter approach, we introduce different quantifiers, for which 
the problem does not occur. 



3 A Model for Approximate Computation 

Before solving the problems described in the last section, we formalize them. 
For this we develop a model for approximate computation in this section, 
and apply it to approximate solving of first-order constraints in the next 
section. Readers who want to see a solution to the problem immediately, 
without being interested in formal proofs, can skip these sections and can 
directly jump to Section |5[ 

Assume a set A. Instead of doing exact computation in A, we use a set 
A for approximating computation in A. For this we add a notion of error, 
that is, a function from A to M"^. For example, one can do approximate 
computation for the real numbers using the set of rational intervals. Here 
the error of an interval is its width. Take the expression 2x + \. If we 
know that x is in the interval [2, 3] then we can deduce that the value of the 
expression is within [5, 7] — a result with error 2. 

Here we would like to be able to make the output error arbitrarily small 
by making the input error small: 

Definition 1 A function f : A ^ A is convergent iff for all e € M"*" there 
is a 5 (z M^" such that for all a (z A such that the error of a is less or equal 
6, the error of f{a) is less or equal e. 

Note that this definition corresponds to the definition of uniform continu- 
ity in analysis; this notion and similar ones are used as necessary conditions 
for computability in effective analysis Q |^ |3^, 44 1 . 



We assume that every element a ^ A gives us the information that the 
result of some computation is in a certain subset of A. So we use subsets of 
A for modeling approximate computation from now on and simply identify 
A with 2^. As in the example of rational intervals, very often one just uses 
certain subsets of A that allow a convenient representation. 

Observe that it can also occur that we cannot define a certain function 
exactly, but only approximately. This means that there are several possible 
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functions, and we do not know which one is the correct one to use. Again we 
represent this don't know nondeterminism by a set of functions, which we cah 
approximate function. For example, the function computing the weight of a 
certain mass depends on the constant describing gravitational acceleration. 
The exact value of this constant depends on the distance from the center of 
the earth, and so we have not exact value for it — only an interval covering 
all its possible values on the surface of the earth. Therefore several such 
functions are possible and the whole function is approximate. 

If we want to do approximate computation, then the best possible result 
we can obtain without producing wrong results, is: 

Definition 2 For an approximate function f such that each element is a 
function on A, for an d A 

Extfid) := {/(a) \ f e f,aed} 
We call Ext^ the extension of /. 

For example, interval arithmetic |3^ defines approximate computa- 
tion on the real numbers in this way. However, instead of computing with 
exact rational end-points, the results are usually rounded to the smallest 
super-interval whose end-points are floating-point numbers. 

Clearly the fact that the extension of a function is not convergent, implies 
that we cannot use approximate computation to compute this function up 
to an arbitrarily small error. 

4 Approximate Computation and Classical Quan- 
tifiers 

Now we use the tools developed in the last section to show that classical 
quantifiers are an obstacle to approximate computation. Let S be the set 
of potential solution sets. Then we can do approximate computation using 
S, whose elements we call potential approximate solution sets, where the 
approximate solution set of a constraint is a potential approximate solution 
set that contains the solution set of cj). 

We can deduce the information we want to find for our specification 
(Figure [l|) as follows: 

Definition 3 A variable assignment 9 is determined to true hy a potential 
approximate solution set d iff for all d G d, 9 d. It is determined to false 
by d iff for all d G d, 9 ^ d. It is determined by d iff it is either determined 
to true or determined to false by d. 
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Now we can easily define the error of a potential approximate solution 
set d as the upper measure of the set of all variable assignments that are 
not determined by d. 

For example, an approximate solution set of the constraint + < 1 
might contain all the potential solution sets that do not contain elements 
outside of the rectangle [—1,1] x [—1,1] (the solution set of + < 1 is 
one of these). In this case all variable assignments assigning values outside 
of [—1, 1] are determined to false, and no variable assignment is determined 
to true. By measuring the size of the rectangle [—1, 1] x [—1, 1] we get the 
error 4 of this approximate solution set. 

For a constraint of the form L{(j)i, . . . , (/>„), where L is either a quantifier 
and a variable (in this case n = 1) or a connective, the solution set of 
the total constraint is a function of the solution sets of the sub-constraints 

. . . ,(pn- It is easy to show that the functions corresponding to connectives 
are convergent in the sense of Definition ||. So we will concentrate on the 
case where L contains an (existential) quantifier. In this case we have the 



following function on potential solution sets (see [34] for the other cases). 



Definition 4 For a variable v GV , the u-projection operator is a function 
P on potential solution sets such that a variable assignment 9 € P{d) iff 
there is an a (z S such that 9- E d. 



V 



So, for a constraint 3x (p, we can compute an approximate solution set 
of the total constraint from an approximate solution set of <j), by applying 
Extjp}, where P is the x-projection operator, to the approximate solution 
set of (/). Extending the above example to the constraint 3y + < 1, 
we can use the y-projection operator to compute an approximate solution 
set of this constraint. The result contains all potential solution sets that 
do not assign values less than —1 or greater than 1 to x. This determines 
all variable assignments for which x is not in [—1, 1] to false, and leaves all 
other variable assignments undetermined. 

Using the argument from Section ^ it is easy to show that the extension 
of the approximate function that contains the projection operator is not con- 
vergent. Thus we cannot fulfill our specification (Figure |l|) for constraints 
containing quantifiers. So we have to find a similar, but easier problem for 
which we can fulfill the specification. We do this by introducing quanti- 
fiers that approximate classical quantification, but result in a convergent 
projection operator. 



5 A First-Order Predicate Language with Approx- 
imate Quantifiers 

Classical quantifiers and volume quantifiers do not allow approximation up 
to an arbitrarily small error bound because they discontinuously change from 
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false to true. If the size of the solution set of the quantified constraint is 
exactly at this point of discontinuous change, then we cannot decide between 
true and false using approximate computation. 

We avoid this discontinuous change by using volume quantifiers 3q (Vg) 
for which we do not specify the annotation q exactly, but only require it 
to be within a certain interval [q,q]. Then a constraint solver can choose 
an element of this interval element for which it can safely decide whether 
the total constraint is true, using the available approximate information. 
This means that sentences containing such an approximate quantifier can 
possibly be both true and false — depending on which element of the interval 
[q,q] we choose. This happens if the size of the solution set of a quantified 
constraint is within the interval [q,q] (see Figure ^. 



is true 
is false 



p p size of solution set of ( 
Figure 2: Approximate Quantifiers 



Recall that an approximate solution set of a constraint consists of several 
potential solution sets, and we do not know which of them is the correct 
one — we have don't know nondeterminism. But here we are in exactly the 
dual situation: We allow several equally possible truth- values, and we do not 
care, which of them is chosen — thus we have don't care nondeterminism. 

Since our quantifiers depend on the size of the solution set of the quanti- 
fied constraint, we also have to deal with the situation when this solution set 
is not measurable. Fortunately, this again is don't know nondeterminism. 
If the solution set is not measurable, then we only know that its volume 
is between the inner and the outer measure, but we do not know which of 
these. 

A naive approach to modeling such a situation, where a logical formula 
can have more than one solution set, would propagate sets of truth- values 
by applying the logical symbols element-wise. For example, if for a sentence 
01 A 02 the approximate truth- value of 0i is {T} and the approximate truth- 
value of 02 is {T, F} then the combination of all these elements yields a 
truth-value of {T, F} for the whole sentence. This results in a many-valued 



logic 1 40, In order to show that this approach is not feasible, we first 
demonstrate, that this would need a more complicated many-valued logic, 
and then give a reason, why to avoid many- valued logics altogether: 

One would need a more complicated many-valued logic, because of the 
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need to consider the interaction between the don't care nondeterminism re- 
sulting from the approximate quantifiers and the don't know nondetermin- 
ism resulting from unmeasurable sets. Approximate quantifiers can result 
in an approximate truth-value {T,F}. An unmeasurable solution set can 
result in an unknown solution set of a formula. Typically one would model 
this by an empty set. But one wants to be able to assign the approximate 
truth- value {F} to the whole formula (pi A (j)2, if has the approximate 
truth-value {F} and (j)2 has the empty approximate solution set, although 
element-wise combination yields the empty set in this case. This problem 
arises because a non-existing truth-value for (j)2 means that it can have two 
possible truth- values (T or F). We do not know which one, but we have 
modeled only the don't care form of nondeterminism. 

One could construct a many-valued logic that solves this problem |l7|, 



15 1, but there is another problem that makes us avoid such an approach 
altogether: For example, consider (p A ^(p, where (p has the approximate 
solution set {T, F}. Then element-wise combination yields the approximate 
solution set {T,F}, although we want this formula to be false in any case. 
The reason is, that a many-valued logic forgets the information about the 
equality of cp in both branches of A |4C, SC]. This also makes it impossible 
to define <-> (equivalence) as an abbreviation. A similar problem also occurs 
in interval mathematics pO, 32 1, where the information about equal terms 



is lost. 

Before going into the details of our solution, we fix the syntax of the new 
language. It is the usual one of the first-order predicate language, with the 
only exception that instead of classical quantifiers, approximate quantifiers 
are used. Consider the example VjQ-^g2]^ ^foooi]^ [ ^ ^ 2/ = ]. 
The quantifiers have a subscript consisting of a nonnegative real interval 
(the annotation). Furthermore they have a positive integer superscript (the 
tag). We require that, within a formula, quantifiers that have the same tag, 
also have the same annotation. 

Tag equality indicates equal (nondeterministic) behavior of the according 
quantifiers. That is, for quantifiers that have the same tag, the same element 
of the corresponding annotations should always be chosen. This will allow 
us to make A A false in any case, and makes the definition of A B as 
an abbreviation for (A V ^B) A {^A V B) possible. 

If the annotation of a quantifier is a one-element interval then we say that 
the quantifier is deterministic. A formula where all the tags of quantifiers 
that are not deterministic, are different, is called free. Often we do not 
explicitly write down the tags but assume an arbitrary tagging such that a 
formula is free. 

For assigning semantics to such formulas, we need to extend some of the 
usual definitions of the first-order predicate logic: 

Definition 5 An m-structure consists of a measure space V, and for each 
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relation and function symbol an according relation and function in V. 

As usual, by abuse of notation, we denote by V also the set on which the 
measure space is defined. Terms can be interpreted as usual in m-structures. 
We again fix an arbitrary m-structure S with measure space V that defines 
a measure fi. For defining the semantics of approximate quantification we 
use a method that is completely orthogonal to the semantics usually given 
to formulas when we don't know the value of certain predicate and function 
symbols and thus assign validity to the formula using all possible predicate 
and function symbol assignments. 

It is straightforward to give semantics to a first-order constraint with 
approximate quantifiers if we already know for each occurring quantifier 
with annotation [q,q], which volume quantifier 3q or Vg, where q G [q,q], 
and which possible measure to use. So, in analogy to the notion of struc- 
ture which assigns information to predicate and function symbols, we assign 
information to quantifiers as follows: 

Definition 6 Given a first-order constraint cf), a function g* : N ^ M zs a 
quantifier choice for (f) iff for every t S N that occurs as a quantifier tag in 
(j), q*{t) € [q^'cj\, where is the annotation of the quantifiers occurring in 
(j) that are tagged by t. 

In a similar way, we can assign to each tag the possible measure that 
should be used (recall from Section ^ that in the case of measurable sets a 
possible measure just assigns its measure, otherwise any value between the 
inner and the outer measure). 

Definition 7 A measure guess is a function 

/^*:N^(2^^[0,cx)]), 

such that for all t G N, n*{t) is a possible measure. 

It is an easy exercise to define the solution set of a constraint (j), for a 
certain quantifier choice q* for (p, and a certain measure-guess /.i*. Now we 
model that we don't care for the quantifier choices and don't know about 
the right measure guesses. For this we introduce two notions corresponding 
to the notion that a constraint is true. The essence is, that now different 
quantifier choices can be used, and each choice can result in a different 
overall result: 

Definition 8 A first-order constraint (p is true for a variable assignment 
6 iff there is a quantifier- choice q* for (j), such that for all measure- guesses 
jx* , (j) is true for 9, q* , and fi* . A first-order constraint (j) is false for a 
variable assignment 9 iff there is a quantifier- choice q* for (p, such that for 
all measure-guesses ji* , (p is not true for 9, q* , and fi* . 
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As an example assume a sentence ^j^ ^jx (j), where (j) has a measurable 
solution set d^. If the volume of is less or equal q the constraint is false; 
if the volume of is greater than g, then cf) is true; but if the volume of 
d(j, is within [g, g], (j) is both true and false. So we have exactly the behavior 
sketched in Figure ^. 

6 Approximate Computation and Approximate Quan- 
tifiers 

The question remains, whether we can solve first-order constraints that con- 
tain approximate instead of classical quantifiers, up to an arbitrarily small 
error bound. For this we apply our model for approximate computation 
of Section |^ to approximate quantification. The agenda will be, first to 
show how to propagate all available approximate information, and then to 
show, how to infer from this the information needed for our specification in 
Figure [l|. 

In Section ^ we represented the uncertainty about a solution set by the 
notion of approximate solution set of a constraint. In addition to this, here 
we also have the don't know nondeterminism resulting from measure guesses. 
So an approximate solution set of a constraint (j) under a quantifier choice 
q* is a potential approximate solution set that contains all solution sets of (j) 
under this quantifier choice q* and any measure guess fi* . But in addition to 
this nondeterminism, the semantics of our language, as given in Definition ^, 
takes into account the don't care nondeterminism resulting from quantifier 
choices. This means that several different approximate solution sets can be 
equally valid, depending on the actual quantifier choice taken. For modeling 
this situation we introduce a second level of approximation: 

Definition 9 A potential biapproximate solution set is a set of potential 
approximate solution sets. A biapproximate solution set oi (p is a set of 
approximate solution sets of (j). 

Note that here, when dealing with don't care nondeterminism, we ap- 
proximate the case of full information, by taking a subset instead of superset 
of all possible objects. 

In general, also for functions one can have these two forms of nondeter- 
minism: On the one hand, we can have several functions where we don't 
know which is the right one. On the other hand, we can have several func- 
tions where we don't care which one is chosen. Analogously to solution sets, 
we model the combination of both by sets of approximate functions, which 
we call biapproximate functions. 

For typesetting reasons, instead of A we use the notation A to denote 
biapproximate objects. Again we can deduce the information that we want 
to find for our specification (Figure ||) as follows: 
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Definition 10 A variable assignment 9 is determined to true by a potential 
biapproximate solution set d iff there is a potential approximate solution set 
d € d such that 6 is determined to true by d. It is determined to false by d 
iff there is a potential approximate solution set d £ d such 9 is determined 
to false by d £ d. It is determined by d iff it is either determined to true or 
determined to false by d. 

Now we again define the error of a potential biapproximate solution set 
d as the outer measure of the set of all variable assignments not determined 
by d. 

As for classical quantification also approximate quantification results in 
a function on potential solution sets: 

Definition 11 For a variable v £ V , a nonnegative real number q, and a 
possible measure //, the {v, q, /i)-projection operator P^' ^ is a function on 
potential solution sets such that 6 € Pg^^{d) iff /i({a £ S\9^ £ d}) > q. 

For a variable v and nonnegative real number q, we call the set of all 
(u, g, //)-projection operators approximate {v,q) -projection operator and de- 
note it by . This is an approximate function. For a fixed v and interval 
[q,q] we call the set of all (u, g)-projection operators, where q G [q,q], biap- 
proximate (f, [q,q]) -projection operator. This is a biapproximate function. 

Now we compute biapproximate solution sets by applying the extension 
of the functions that correspond to the logical symbols. 

Lemma 1 Let 3*^^^?; (f) be a constraint, an approximate solution set of 
4> under a quantifier choice q* for ^l^-jV and P = Pq-{ty Then Extp{d(f)) 
is an approximate solution set of -j (j) under q* . 

Theorem 1 Let ^jg^jf (j) be a constraint such that the tag t does not occur in 

(j), let d(fy be a biapproximate solution set of (f), and let P be the biapproximate 
(v, [q,q]) -projection operator. Then Extp{dcf)) is a biapproximate solution set 

Proof. Let d be an arbitrary but fixed element of Extp((i). We have to 
prove that d is an approximate solution set of ^\qq-\V 4>- By definition of 

extension we know that there is a € and a g € [g,^] such that d = 
Extp^i) {d^). By definition of biapproximate solution set, d^ is an approximate 
solution set of (j) under a quantifier choice of (p. Let q* be such that it is 
equal to q*^ on all tags occurring in 0, and let it assign q to t, which is possible 

since t does not occur in (j). Then, by the previous lemma, Extp^'^^^^ (d,^) = d 
is an approximate solution set of (j) under q* . ■ 
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The condition on the tags is always fulfilled for free constraints. If it does 
not hold, the resulting biapproximate solution set might contain elements 
that are no approximate solution sets of the constraint. The reason for this 
is, that the extension does not take into account tag equality in a similar way 
as interval arithmetic does not take into account equality of variables |30, 32]. 



7 Representing Biapproximate Solution Sets 

Before studying, whether biapproximate projection is convergent, we first 
study biapproximate solution sets in more details. Observe that different 
potential biapproximate solution sets can contain exactly the same informa- 
tion we need to find for fulfilling our specification in Figure ||. For example, 
if we have the biapproximate truth value {{T}} of a sentence, then we 
know that the sentence is true. But, if we have the biapproximate truth- 
value {{T},{T,F}}, then we have exactly the same information. So there 
is some interaction between the two forms of nondeterminism that poten- 
tial biapproximate solution sets do not explicitely take into account, and we 
can divide the potential biapproximate solution sets into equivalence classes 
such that each equivalence class element contains the same information. 

In this section we show, that in many cases it suffices to implement 
functions on potential biapproximate solution sets (e.g., projection opera- 
tors) just on the above equivalence classes. Since the set of equivalence 
classes has a much lower cardinality than the full set of potential biapprox- 
imate solution sets, we can then find a representation that is better suited 
for computer implementation. Furthermore we gain a valuable tool for the 
subsequent proof that the biapproximate [g, g]-projection operators are con- 
vergent, and find interesting insight in the interaction between don't know 
and don't care nondeterminism. 

Before studying the general case of potential biapproximate solution sets, 
we start with the easier case of potential approximate solution sets. The 
information we want to extract are the elements determined to true, and 
the elements determined to false by a potential approximate solution set d. 
These are exactly the elements f] d, and all elements not in |J d. This gives 
us the equivalence relation di ~ (i2 iff (fl '^ii U '^i) = (fl ^2, U ^2)- 

Now let us also define an order < on functions on potential approximate 
solution sets such that fi < f2 iff for all d, fi{d) C f2{d). Also here we can 
form an equivalence relation on approximate functions by defining fi ~ /2 
iff (min /i , max /i ) = (min /2, max /2). We call a function / on potential 
solution sets monotonia iff di C d2 implies f{di) C f{d2)- In a similar way 
we define an approximate or biapproximate function to be monotonic iff all 
its members are monotonic. 

For computing with the equivalence classes instead of their members, we 
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need to know whether all members of equivalence classes behave equally for 
function application. For this we pick a canonical representative from each 
equivalence class and prove that all the other class members behave in the 
same way as this representative. We can order potential approximate solu- 
tion sets by the subset relation, and so we can also use interval notation on 
them: [d, d] := {d \ dQ d Q d}. Observe that for any potential approximate 
solution set d, the interval r{d) := [H'^jU'^] equivalent to d, and for any 
approximate function / the interval r(/) := [min/,max/] is equivalent to 
/. So we take r{d) and r(/) as the canonical representatives. Now we have 
the following congruence property: 

Lemma 2 For a potential approximate solution set d with canonical rep- 
resentative [d, d] and a monotonic approximate function f with canonical 
representative [/,/], r{Extj{d)) = [fid),f{d)]. 

Proof. By definition, r(Ext^{d)) is equal to 

[f|Ext;((i),UExt;(d)] 

Now, by inserting the definition of Ext ^ and by monotonicity of / 

fl Ext^-(d) = f|{/(d) \fef,ded} = (min /Kfl d) = m 

and 

UExt;(d) = \J{f{d) \fef,ded} = {maxf){\Jd) = 1(d). 



The (u, g, /x)-projection operators are monotonic. Furthermore the rep- 
resentation of each approximate (f , g)-projection operator is the interval 
[Pq^^jnPq-p\- So we can compute the approximate projection of a potential 
approximate solution set by just computing with the interval bounds of the 
corresponding representations. 

Now we study the general case of potential biapproximate solution sets. 
In a similar way as potential approximate solution sets, different potential 
biapproximate solution sets can yield the same information. Also here the 
information we want to extract are the elements determined to true, and 
the elements determined to false by a potential biapproximate solution set d 
(see Definition These are the elements Ulfl d\d ^ d}, and all elements 
not in n{|J d\d ^ d}. Again, this gives us an equivalence relation di ~ d2 iff 
(Un d\d(i Ji}, niU d\de di]) = (Uin d\de JsI, niU d\d(^ Jal). in 
a similar way we get an equivalence relation on biapproximate functions by 
fl ~ /2 iff (max{min_/|/ G /i}, min{max / | / G /i}) = (max{min/|/ G 
/2},min{max/| / G h}). 
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Again we pick canonical representatives from the equivalence classes. For 
any elements x and x in a domain with a partial order <, let \x,x'\ := {[y^yU 
^] I y € [x n X, x]}. We call such an object hiinterval (algebraically speaking 
the resulting objects form a bilattice |1T7| , By forming biintervals we 

stay within an equivalence class: 

Lemma 3 Let A he a set, let a an element of the corresponding set A, and 
let {a, a) = (Ulfl'^l^ ^ '^IjOIU'^I'^ ^ ^})/ ^^^n [a, a] ~ a. 

Proof. 

|J{[^a|a € la,aj} = [J{f][a, aUa]\a G [a Ha, a]} = 

\^{a\a € [a n a, a]} = a = UiP) ^^1*^ ^ ^^j 
In a similar way fllU ^1^ S [a, o]} = fllU '^l^ ^ ^ 

So again, we denote the canonical representative lUlfl '^1^ ^ d}, HIU ^1^ ^ '^11 
oi dhy r(d), and the canonical representative [max{min/j/ G /}, minjmax /|/ G 
of / by Also here we can compute with the representatives because of 

the following congruence property: 

Theorem 2 For a potential biapproximate solution set d and a monotonic 
biapproximate function f, r{Ext^{d)) = /(d)], where \d,d\ = r{d), 

andlf_J} = r{f). 

Proof. By definition, r(Ext^((i)) is equal to 

iijin G Ext^-(^~)}, n^u ^ Ext^-(^~)}i 

We have: 

d\d e Ext^-((i)} = def. of Ext 

\J{(~] Extj{d)\f e f,d£d}= def. of Ext. 

|J{(min /Kfl d)\f e f, d G d} = monot. 
(max{min f\f G /DdJiQ d\d G d}) = def. of r 

For the dual case an analogous argument holds. ■ 

For a biapproximate [g, g]-projection operator P, r{P) is the biinterval 
\Pq,PL, Pqjil- As a consequence of the above theorem, for every potential bi- 
approximate solution set d we can compute the projection of its equivalence 
class by just working on the bounds d and d of r{d) to get 
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8 Biapproximate Projection is Convergent 



Now we are ready to prove that for approximate quantifiers we can compute 
approximate solution sets of constraints up to arbitrarily small error bounds. 
For this we call a potential biapproximate solution set that contains only 
measurable solution sets measurable. 

Definition 12 Let d be a potential biapproximate solution set. For any 
variable assignment 9 the v-erroi of d over 9 is the outer measure of all 
a & S for which 9^ is not determined by d. 

We first prove that for single points in the free variable space we can 
attain an arbitrarily small error. 

Lemma 4 For every measurable potential biapproximate solution set d, for 
the biapproximate {v,[q,q]) -projection operator P with q < q, for almost 
all variable assignments 9 such that 9 is not determined by r{Extp{d)), the 
V- error of d over 6 is greater than q — q. 

Proof. Observe that a variable assignment 9 is not determined by a po- 
tential biapproximate solution set with representation [d, dj iS 9 ^ d and 
9 & d. Let r{d) = fd, dj and let 9 be such that it is not determined by 
r(Extp([d,d|)), which is iPli^U) , Pl-p{d)j by Theorem |. So, by definition 

of projection operator, ^{{a \ 9^ € d}) < q and /!({« | 9^ £ d}) > q. Since 
d and d are measurable, by Fubini's theorem, the sets {a | G d} and 
{a\9^ d} are measurable for almost all 9. The 9 that are not determined 
by Id, dj are represented by the set {a\9^ ^ dA9^ £ d}. Clearly the volume 
of this set is greater than q — q. ■ 

Since we have shown in the last section that for computing our specifi- 
cation (Figure ||), we can apply the canonical representative of projection 
operators instead of the projection operators themselves, we now prove: 

Theorem 3 For q <q, and the biapproximate {v, [q,q]) -projection operator 
P, r o Extp restricted to measurable potential biapproximate solution sets is 
convergent. 

Proof. We have to prove that for all e € M^, there is a 5 € M"*" such that 
for every measurable potential biapproximate solution set d such that the 
error of d is less than 5, the error of r(Extp((i)) is less than e. 

Choose (g — q)e for 5, and let d be an arbitrary but fixed measurable 
potential biapproximate solution set. We derive a contradiction from the 
assumption that the error of d is less than {q—q)e, but the error of r(Extp((i)) 
is greater or equal e. 
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By Lemma ^, for almost every 9 that is not determined by r(Extp((i)) 
the t;-error of d over 9 is greater than q — q. The measure of these 9 is greater 
or equal e. So, by Fubini's theorem, the error of d is greater than (g — g)e, 
which is contradiction to our assumption. ■ 

Note that, if unmeasurable sets occur, then we still can ensure that the 
projection operator is convergent, by making the interval big enough. 
In general, we can make computation faster by increasing the size of the 
interval [g,^], that is, by decreasing the required precision. 

In a similar way as the projection operators for quantifiers, also for the 
other logical symbols (V, A, there are corresponding functions on poten- 
tial solution sets |^4|, and for free constraints we can use their extension to 
propagate the according potential biapproximate solution sets. The func- 
tions corresponding to conjunction and disjunction are monotonic, and for 
the function N corresponding to negation, di C d2 implies N[di ^ d2), 
which entails a similar property as Theorem |2[ So we can use biinterval 
representation also here. 

As an example take the constraint + y'^ < 1 and the biinterval [0, 
where the potential solution set is the set of all variable assignments 
that assign elements of [—1, 1] to both x and y. This determines all ele- 
ments outside of the rectangle [—1,1] x [—1, 1] to false and leaves the other 
elements undetermined. Furthermore, take the constraint x > and the 
biinterval [0, 52], where S2 is the set of all variable assignments. This leaves 
all variable assignments undetermined. The solution set of a conjunction 
is the intersection of the solution sets of the according sub-constraints, and 
intersection is monotonic. So by Theorem |^ we can take the intersection of 
the corresponding biinterval elements, which is n and Si H 5*2, and get 
the biinterval |0, Si\ as a biapproximate solution set for x^ + y^ < 1 Ax > 0. 

One can easily show that the functions corresponding to V, A, and 
are convergent. So we can compute approximate solution sets of free con- 
straints from approximate solution sets of their atomic sub-constraints, as 
described in Section ^. Furthermore — as long as no unmeasurable solution 
sets occur and provided that for all approximate quantifiers the left bound q 
of the annotation is strictly smaller than the right bound q — we can attain 
arbitrarily small, user-defined, error. 



9 Related Work 

Languages for modeling nondeterminism in various other forms have been 



introduced within the frame of abstract data types — see for example |43 



42, 21, 26 1 . There one uses nondeterministic specifications to either model 
nondeterminism occurring in reality, or to abstract away unnecessary details 
of the behavior of a real or desired system; these details might be specified 
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later. Also in analysis nondeterminism has been modeled in order to deal 
with unknown/uncertain knowledge, and a large amount of classical analysis 
has been extended to this case |l| . 

In contrast to the above cases, in our work the deterministic (exact) 
specification is already given, and we introduce nondeterminism only later, 
in order to be able to do approximate computation for a relaxed specifica- 
tion. Furthermore we deal with two forms of nondeterminism at the same 
time whereas the above approaches are always confined to one form of non- 
determinism. 

The idea to allow several equally valid outputs (i.e., don't care nonde- 
terminism) to make certain problems computable is frequently used when 
doing exact numerical computation on the reals via potentially infinite rep- 
resentations H, m, |4|. 

Modifications of the first-order language that allow reasoning about the 
size of sets have been studied coming from logic or knowledge repre- 
sentation 1^, 1^ , and they are a main topic in the area of generalized quan- 
tifiers 1 31, 41]. However, these languages do not allow any nondeterministic 
choice of the size specification and they circumvent the problem of how to 
deal with unmeasurable sets by allowing only expressions whose solution 
sets are measurable. 



10 Conclusion 

For constraints containing classical quantifiers, information about approxi- 
mate solution sets of the atomic sub-constraints of a first-order constraint 
does not suffice to compute abitrarily precise approximate solution sets of 
the whole constraints. We have provided a remedy for this problem by 
replacing the classical quantifiers in the first-order predicate language by 
approximate quantifiers. 

In addition to enabling approximation algorithms, this gives us both 
expressive power in reasoning and the possibility of tunable algorithms (al- 
gorithms where the user can decide about the tradeoff between speed and 
precision). We have implemented such an algorithm — a detailed description 
and analysis of this implementation will be published elsewhere. 

The question remains, how big we should choose the intervals of the 
quantifier annotation. Too small intervals can hamper the efficiency of con- 
straint solving, while too big intervals can disturb the information one is 
looking for. 

Most of this research was done as a part of the author's Ph.D. work. 
The author thanks his Ph.D. advisor, Hoon Hong, for all the guidance. 
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